"This patch resolves two heap corruption vulnerabilities in the CDG
decoder for VLC media player. In both cases, a failure to properly
validate indexes into statically-sized arrays on the heap allows a
maliciously crafted CDG video to corrupt the heap in a controlled
manner, potentially leading to code execution."